Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
nagaraja_cs
Contributor
Jump to solution

Radius Authentication for Remote Access VPN users in Centrally SMB managed gateways

Hi Team,

We have a centrally managed SMB gateway appliance 1400.

Configured Remote Access VPN which was working fine.

Now we want to enable Radius authentication for these users.

Radius authentication works fine for VPN users in locally managed gateway.

I want to know if this is supported on centrally managed gateway.

0 Kudos
1 Solution

Accepted Solutions
G_W_Albrecht
Legend Legend
Legend

Configuration is mostly done in Dashboard, see Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.87 p.10ff ! Without the Guide you will not get far, so please get it...

sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations

sk92741: Gaia Embedded OS features

sk112858: ATRG: Gaia Embedded Appliances

RA VPN RADIUS is set here:

RADI.png

>> if this requirement  possible with R77.20.87,then only I can suggest customer to upgrade the firmware. 

If the customer is unwilling to use the newest firmware R77.20.87 (990173004), security is not the thing he really values...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

View solution in original post

0 Kudos
6 Replies
G_W_Albrecht
Legend Legend
Legend

Yes it is - see e.g. Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.87 p.102, Managing Authentication Servers. It is configured in the Users & Objects > Authentication Servers page as on locally managed units. 

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor

Hi Albrecht,

Thank you for the info.

I am not able to completely download this guide,it takes me to web guide which will show only first page of the guide.

Our gateway is on R77.20.20,is it supported on this version too ?

As per your suggestion if we add radius server as  Authentication Server in 'Users and Administrator' section,how this authentication will be applied to VPN users.

We are getting error "ISP Links are not properly configured.Click the setup...button" in Smart Console when we select Radius auth for VPN users.

ISP's are properly configured and it is working fine.

How Radius Auth and ISP configuration are related here ?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

I would suggest to install firmware R77.20.87 (990173004) first. RADIUS server is configured in the Embedded Gaia WebGUI Users & Objects > Authentication Servers page as on locally managed units. Not in Dashboard...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
nagaraja_cs
Contributor

Hi Albrecht,

Yes,we will try that,is there any document which states that it is possible/not possible in case of centrally managed device.

If we add Radius Server as Authentication Server in 'Users and Objects',I assume this setting is for Gateway login.How it is relevant to VPN users,where we can mention that RAVPN users should authenticate with RADIUS server.

I need a confirmation,if this requirement  possible with R77.20.87,then only I can suggest customer to upgrade the firmware. 

 

0 Kudos
nagaraja_cs
Contributor

Hi Team,

Is there any information on this ?

Where can I enable the blade and configure VPN(On Smart Console or on Gateway Portal) ?

Is there any document for centrally managed gateway ?

0 Kudos
G_W_Albrecht
Legend Legend
Legend

Configuration is mostly done in Dashboard, see Check Point 1400 Appliances Centrally Managed Administration Guide R77.20.87 p.10ff ! Without the Guide you will not get far, so please get it...

sk105380 - Check Point R77.20 for 600 / 700 /1100 / 1200R / 1400 Appliance Known Limitations

sk92741: Gaia Embedded OS features

sk112858: ATRG: Gaia Embedded Appliances

RA VPN RADIUS is set here:

RADI.png

>> if this requirement  possible with R77.20.87,then only I can suggest customer to upgrade the firmware. 

If the customer is unwilling to use the newest firmware R77.20.87 (990173004), security is not the thing he really values...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events